lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Sep 28 16:49:10 2005
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Suggestion for IDS 

--On Wednesday, September 28, 2005 11:37:38 -0400 Valdis.Kletnieks@...edu 
wrote:

> On Wed, 28 Sep 2005 07:01:34 EDT, "J. Oquendo" said:
>
>> While I do agree with the statement made "Quite frankly, anybody who
>> already has a PIX installed and wants to install an IPS needs to quantify
>> *exactly* what protection the PIX is failing to provide before they go
>> shopping for anything" to a degree, I also disagree with that statement
>> since it eludes to the thinking that solely a PIX will save your ass. It
>> won't, nor will any other firewall, nor will any other product combined
>> with any OTHER product and so on.
>
> Obviously, the original poster isn't thinking that a PIX will save their
> ass, because they're in the market for something in addition :)
>
> They should be figuring out *why* they need more protection (quite
> frankly, for many places, a *properly configured and maintained* PIX is
> quite sufficient),

Not only was the PIX (for us) not sufficient, it wasn't robust enough. 
We're ditching our PIXes for OpenBSD and pf.

If you NAT a lot, PIX can't handle the load.  It also isn't flexible enough.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ